{"id":28640605,"url":"https://github.com/navneeth31/phishing-attack-demo","last_synced_at":"2025-06-12T20:07:39.704Z","repository":{"id":293991876,"uuid":"985679453","full_name":"navneeth31/phishing-attack-demo","owner":"navneeth31","description":"Educational phishing simulation using ZPhisher on Kali Linux to demonstrate credential harvesting techniques.","archived":false,"fork":false,"pushed_at":"2025-05-29T11:31:16.000Z","size":57,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-29T13:05:20.012Z","etag":null,"topics":["cybersecurity","ethical-hacking","kali-linux","phishing-simulation","security-awareness","social-engineering","zphisher"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/navneeth31.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-18T09:48:14.000Z","updated_at":"2025-05-29T11:31:20.000Z","dependencies_parsed_at":"2025-05-18T12:22:41.530Z","dependency_job_id":"1507b9a6-d8b3-4178-aee3-3c4921b6f571","html_url":"https://github.com/navneeth31/phishing-attack-demo","commit_stats":null,"previous_names":["navneeth31/phishing-attack-demo"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/navneeth31/phishing-attack-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/navneeth31%2Fphishing-attack-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/navneeth31%2Fphishing-attack-demo/tags","rele
ases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/navneeth31%2Fphishing-attack-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/navneeth31%2Fphishing-attack-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/navneeth31","download_url":"https://codeload.github.com/navneeth31/phishing-attack-demo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/navneeth31%2Fphishing-attack-demo/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259522115,"owners_count":22870449,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","ethical-hacking","kali-linux","phishing-simulation","security-awareness","social-engineering","zphisher"],"created_at":"2025-06-12T20:07:39.056Z","updated_at":"2025-06-12T20:07:39.697Z","avatar_url":"https://github.com/navneeth31.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"***ZPhishier – Social Media Phishing Simulation***\n\n-----\n**Summary**\nZPhishier is an educational phishing-simulation project built with ZPhisher on Kali Linux, running in a local VM environment. It automates the creation of cloned social-media login pages, demonstrating how easily credentials can be harvested from unsuspecting users. 
This documentation covers objectives, setup, execution details, results, and recommended best practices for security awareness and prevention.\n\n-----\n**Objective**\n\n- To illustrate phishing mechanics ethically for security awareness and training.\n- To demonstrate capture of credentials via cloned login pages.\n\n**Scope**\n\n- Simulation only (no real targets).\n- Local-only deployment (VM).\n- Focused on social-media site templates.\n-----\n**Legal \u0026 Ethical Disclaimer**\n\n**Important:** This tool is strictly for educational and awareness purposes. Unauthorized phishing—against real users or networks—is illegal and unethical. Always obtain explicit permission before any penetration testing or phishing simulations [IRJMETS](https://www.irjmets.com/uploadedfiles/paper/issue_12_december_2024/65449/final/fin_irjmets1734768076.pdf?utm_source=chatgpt.com)[GitHub](https://github.com/htr-tech/zphisher?utm_source=chatgpt.com).\n\n-----\n**Attack Overview**\n\n**-Phishing Type**\n\nCloning of popular social media login pages (e.g., Facebook, Instagram) to harvest credentials.\n\n**-Delivery Method**\n\nLinks are generated and tested locally; no external distribution in this demo.\n\n**-Target Audience**\n\nGeneral public (demonstration only on the attacker’s own machine).\n\n-----\n**Tools \u0026 Environment**\n\n- **ZPhisher**: automated open-source phishing tool with 30+ templates.\n- **Operating System**: Kali Linux (inside a virtual machine).\n- **Environment**: Local VM (no public hosting).\n-----\n**Setup \u0026 Configuration**\n\n1. **VM Preparation**\n   1. Spin up a Kali Linux VM (VirtualBox/VMware).\n   2. Ensure Internet access within VM for installing dependencies.\n2. **Install ZPhisher**\n3. 
**Launch ZPhisher**\n\n`bash ./zphisher.sh`\n\n\u003cimg width=\"833\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/9b5484c2-ad3d-4b9b-a77e-08065cebb730\" /\u003e\n\u003cimg width=\"835\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/ed8fdd41-4cfc-4d1b-8e6c-2818d66bb11c\" /\u003e\n\n4. Choose the social-media template.\n\u003cimg width=\"836\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/b1b21703-86ef-413b-81eb-2010b60b857f\" /\u003e\n\n5. Select “Localhost” or “Cloudflared/LocalXpose” (for local demos, localhost is sufficient).\n\n\u003cimg width=\"833\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/f1ed0090-3e88-43e4-9d46-e5f369f060d8\" /\u003e\n-----\n**Execution Steps**\n\n1. **Generate Phishing Link**\n   1. ZPhisher displays a URL (e.g., http://localhost:8080/facebook).\n1. **Simulate User Interaction**\n   1. Open the link in a browser tab.\n   1. Enter any credentials (email/username + password).\n\n  \u003cimg width=\"836\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/586e7e49-c8aa-4af0-b62f-3275b741bfc4\" /\u003e\n      \n1. **Credential Capture**\n   1. ZPhisher logs credentials in the terminal and saves them to the logs/ directory.\n\u003cimg width=\"831\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/4e415c9c-8993-411f-883e-95add221d1bf\" /\u003e\n-----\n**Results \u0026 Analysis**\n\n- **Captured Data**\n  - Plaintext usernames/passwords printed in terminal and stored on disk.\n- **Security Triggers**\n  - No automated detection in this local setup (real-world defenses like anti-phish filters would block such URLs).\n-----\n**Mitigation \u0026 Recommendations**\n\n**“Do not click on suspicious, catchy messages from unknown sources.”**\n\n1. **User Training**\n   1. 
Regular phishing awareness programs with simulated tests [CISA](https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing?utm_source=chatgpt.com)[CybeReady](https://cybeready.com/phishing-awareness-training/phishing-prevention-best-practices?utm_source=chatgpt.com).\n   1. Teach employees to verify links and check sender domains before interacting [Microsoft Support](https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44?utm_source=chatgpt.com).\n1. **Incident Response**\n   1. Establish clear reporting channels for suspected phishing (e.g., “Report Phish” button).\n   1. Conduct follow-up training for any user who clicks or submits credentials.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnavneeth31%2Fphishing-attack-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnavneeth31%2Fphishing-attack-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnavneeth31%2Fphishing-attack-demo/lists"}